Please be aware that Intel have announced the below vulnerability.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html

This vulnerability affects most Intel CPUs which have been released since 2011 and may allow information disclosure.  Intel is releasing Microcode Updates (MCU) to mitigate this potential vulnerability.

The vulnerability is similar to meltdown/spectre in that it attacks the Cache of a system and retrieve sensitive information, however it is different in that the attacker cannot effect changes, they can only ‘sample’ data. This sampled data could then be reconstructed, allowing the attacker to view sensitive information such as account usernames and passwords.

Each of the variants of MDS vulnerability relies on an optimization of the load path for intel CPUs, which allow for the attacker to extract sampled data from the stale buffer and retrieve sensitive information.

Vendors are in the process of releasing patches to remediate this issue, we recommend applying these patches as soon as possible.  Please get in touch with our Service Desk on 01635 203700 or servicedesk@foundation-it.com if you’d like to discuss the issue in more detail.

back to blog

Mike Starnes

About the Author: Mike Starnes

Mike has worked in the IT Industry for over 20 years. If he's not talking technology, he'll be reading, playing football or trying to embarrass his daughters.